Hi James... There are a couple articles warning against using Domain Local groups for policies.
Can you try having them put in a global group in their own domain, and adding that directly to the read and apply section of the policy? http://support.microsoft.com/kb/309172/en-us has some info. John "Blair, James" <[EMAIL PROTECTED] ream.originenergy To .com.au> <ActiveDir@mail.activedir.org> Sent by: cc [EMAIL PROTECTED] ail.activedir.org Subject [ActiveDir] Group Policy Query: 05/31/2006 05:08 AM Please respond to [EMAIL PROTECTED] tivedir.org The Brains Trust, I have a terminal server which when users log on get a very restrictive view of the world, this is done via a GPO. I have another company which we have a an external trust with wanting to log onto the terminal sever to access specialist applications. I have created a Domain Local Security Group and put their members in there and set the appropriate permissions and they are now able to log in however they do not get the "restrictive view of the world". This is not a security policy so I can't use secedit.exe and the appropriate switches to roll the policy via "startup". Is there any way to easily apply the appropriate settings, these settings effect the User Configuration - Administrative Templates settings. I know I can create a user account on our domain for them and add them to the appropriate groups and get them to log in with those credentials but the numbers of these staff requiring the software is increasing and I am trying to decrease our admin requirement. Thanking you all in advance. James List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
